Lucene search
SymantecCVE-2015-1485HistoryJun 28, 2015 - 7:59 p.m.
CVE-2015-1485
2015-06-2819:59:03
CWE-352
symantec
web.nvd.nist.gov
26
cve-2015-1485
csrf
vulnerability
symantec
dlp
administration console
enforce server
authentication
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
46.6%
Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.
Affected configurations
Node
symantecdata_loss_preventionRange≤12.5.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| symantec | data_loss_prevention | * | cpe:2.3:a:symantec:data_loss_prevention:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2015-06-28 19:59:00
cvelist
cvelist
CVE-2015-1485
2015-06-28 19:00:00
nvd
nvd
CVE-2015-1485
2015-06-28 19:59:03
symantec
symantec
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
46.6%
Related for CVE-2015-1485